Fedora 24
shell weakness #22

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

OpenMesh-4.1/src/OpenMesh/Tools/Utils/Gnuplot.cc

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

// Rajarshi Guha
// <rajarshi@presidency.com>
//
// 07/03/03
//
////////////////////////////////////////////

#include "Gnuplot.hh"
#include <stdarg.h>
#ifdef WIN32
#  include <io.h>
#else
#  include <fcntl.h>  // X_OK
#  include <unistd.h> // access
#  define PATH_MAXNAMESZ       4096
#endif
#include <iostream>
#include <fstream>
#include <sstream>
#include <list>
#include <algorithm>

#if defined(WIN32)
#  define pclose _pclose
#  define popen  _popen
#  define access _access
#  define ACCESS_OK 0
#  define PATH_SEP ";"
#  define MKTEMP_AND_CHECK_FAILED(name) (_mktemp(name) == NULL)
#else
#  define ACCESS_OK X_OK
#  define PATH_SEP ":"
#  define MKTEMP_AND_CHECK_FAILED(name) (mkstemp(name) == -1)
#endif

#ifndef WIN32
  #include <stdlib.h>
  #include <string.h>
#else
  #ifdef __MINGW32__
    #include <stdlib.h>
    #include <string.h>
  #endif
#endif

using namespace std;

/////////////////////////////
//
// A string tokenizer taken from 
